StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add domains for goldfish services.

Browse Source 
goldfish-setup, goldfish-logcat, and qemu-props are goldfish-specific
oneshot services that lacked domain definitions and thus were left in init's
domain.

This depends on a change to external/sepolicy with the same Change-Id
to define non-goldfish-specific types for properties and logcat.

Change-Id: Idce1fb5ed9680af84788ae69a5ace684c6663974
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
2014-09-03 11:07:03 -04:00
parent c5a99042e9
commit 704744ad81
9 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
target/board/generic/BoardConfig.mk
View File

@@ -82,6 +82,11 @@ BOARD_SEPOLICY_UNION += \
domain.te \ domain.te \
file.te \ file.te \
file_contexts \ file_contexts \
goldfish_setup.te \
goldfish_logcat.te \
property.te \
property_contexts \
qemu_props.te \
qemud.te \ qemud.te \
rild.te \ rild.te \
shell.te \ shell.te \

2
target/board/generic/sepolicy/file_contexts
View File

@@ -2,3 +2,5 @@
/dev/socket/qemud u:object_r:qemud_socket:s0 /dev/socket/qemud u:object_r:qemud_socket:s0
/system/bin/qemud u:object_r:qemud_exec:s0 /system/bin/qemud u:object_r:qemud_exec:s0
/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0 /sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
/system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
/system/bin/qemu-props u:object_r:qemu_props_exec:s0

11
target/board/generic/sepolicy/goldfish_logcat.te Normal file
View File

@@ -0,0 +1,11 @@
# goldfish-logcat service: runs logcat -Q
type goldfish_logcat, domain;
permissive_or_unconfined(goldfish_logcat)
domain_auto_trans(init, logcat_exec, goldfish_logcat)
# Read from logd.
read_logd(goldfish_logcat)
# Write to /dev/ttyS2
allow goldfish_logcat serial_device:chr_file { write open };

19
target/board/generic/sepolicy/goldfish_setup.te Normal file
View File

@@ -0,0 +1,19 @@
# goldfish-setup service: runs init.goldfish.sh script
type goldfish_setup, domain;
type goldfish_setup_exec, exec_type, file_type;
permissive_or_unconfined(goldfish_setup)
init_daemon_domain(goldfish_setup)
# Inherit open file to shell (interpreter) for script.
allow goldfish_setup shell_exec:file read;
# Run ifconfig, route commands to configure interfaces and routes.
allow goldfish_setup system_file:file execute_no_trans;
allow goldfish_setup self:capability { net_admin net_raw };
allow goldfish_setup self:udp_socket create_socket_perms;
# Set net.eth0.dns*, debug.sf.nobootanimation
unix_socket_connect(goldfish_setup, property, init)
allow goldfish_setup system_prop:property_service set;
allow goldfish_setup debug_prop:property_service set;

1
target/board/generic/sepolicy/property.te Normal file
View File

@@ -0,0 +1 @@
type qemu_prop, property_type;

1
target/board/generic/sepolicy/property_contexts Normal file
View File

@@ -0,0 +1 @@
qemu. u:object_r:qemu_prop:s0

10
target/board/generic/sepolicy/qemu_props.te Normal file
View File

@@ -0,0 +1,10 @@
# qemu-props service: Sets system properties on boot.
type qemu_props, domain;
type qemu_props_exec, exec_type, file_type;
permissive_or_unconfined(qemu_props)
init_daemon_domain(qemu_props)
# Set properties.
unix_socket_connect(qemu_props, property, init)
allow qemu_props { qemu_prop dalvik_prop config_prop }:property_service set;

5
target/board/generic_mips/BoardConfig.mk
View File

@@ -64,6 +64,11 @@ BOARD_SEPOLICY_UNION += \
domain.te \ domain.te \
file.te \ file.te \
file_contexts \ file_contexts \
goldfish_setup.te \
goldfish_logcat.te \
property.te \
property_contexts \
qemu_props.te \
qemud.te \ qemud.te \
rild.te \ rild.te \
shell.te \ shell.te \

5
target/board/generic_x86/BoardConfig.mk
View File

@@ -53,6 +53,11 @@ BOARD_SEPOLICY_UNION += \
file_contexts \ file_contexts \
healthd.te \ healthd.te \
installd.te \ installd.te \
goldfish_setup.te \
goldfish_logcat.te \
property.te \
property_contexts \
qemu_props.te \
qemud.te \ qemud.te \
rild.te \ rild.te \
shell.te \ shell.te \